In the modern DevSecOps landscape, teams often struggle to achieve more with fewer resources, leading to the development of counterproductive habits. These habits can significantly hinder the ability to establish effective security programs. Our presentation aims to address these challenges by identifying common anti-patterns based on our experiences and observations in the field. We will highlight the problems associated with these habitual practices and offer concrete, practical solutions.
Throughout this session, we will guide you through the most prevalent anti-patterns identified in our security efforts and observed in other teams. Additionally, we will provide alternatives to these detrimental practices, along with a compilation of free and open-source tools endorsed by the community. These resources are instrumental in reinforcing strong security practices across different organizations. Join us as we delve into a narrative of anti-patterns, best practices, and the extensive potential of automation to enhance security measures.
What's the focus of your work these days?
I'm the founder of a company in the Security Automation Space and its principal architect/security engineer. We create solutions that radically improve the efficiency of any security engineering team.
What's the motivation for your talk at QCon London 2024?
To provide a list of the most common counter-productive behaviors observed by several security teams out there, how to recognize early signs of this and how it can be overcome with a mix of human intervention and automation.
How would you describe your main persona and target audience for this session?
Persona: developers or security folks
Level: medium+
Is there anything specific that you'd like people to walk away with after watching your session?
Security people are not the police, they are the team's physician.
Therefore, they are not there to add checks and balances; they're there to observe and advise on good habits that would lead to a long and healthy product life cycle. Talk to them the same as you'd talk to your physician.
Speaker
Spyros Gasteratos
Founder @Ocurity, Principal Security Engineer, Maintainer of opencre.org & github.com/ocurity/Dracon, 15+ Years Experience in Security
Spyros has over 15 years of experience in the security world. Since the beginning of his career he has been an avid supporter and contributor of open source software and an OWASP volunteer. Currently he is interested in the harmonization of security tools and information and is currently helping Fintechs setup and automate large parts of their AppSec programmes. He also maintains several Open Source projects including the security automation framework Dracon, and opencre.org, the worlds largest security knowledge graph. Also, he usually doesn’t speak about himself in the third person.
Find Spyros Gasteratos at:
Date
Wednesday Apr 10 / 03:55PM BST ( 50 minutes )
Location
Mountbatten (6th Fl.)
